Turning Your MikroTik Router into a PPPoE Server (Detailed Explanation) Print

Hello there! It’s Emmanuel Corels from Emmanuel Corels Creatives. In this guide, we’ll show you how to set up your MikroTik router as a PPPoE (Point-to-Point Protocol over Ethernet) server. This is a common configuration for ISPs, cafés, or any network that wants to provide dial-in access for multiple users. We’ll cover every step in detail—including what each setting means and why it matters—so even beginners can follow along.

What Is a PPPoE Server and Why Use It?

A PPPoE server allows multiple clients to connect to your network over a single physical interface by “dialing in” with a username and password. Once authenticated, each client is assigned an IP address and can access network resources or the internet. PPPoE is often used in scenarios where:

• User Authentication is needed before granting network access.
• Bandwidth Management or billing per user is required.
• ISPs or small businesses want to provide secure, individualized connections.

Physical Setup and Assumptions

For this guide, let’s assume:

• Ether2 is dedicated to subscriber connections (for example, via a switch or wireless AP connected to it).
• Your LAN will use a separate subnet for PPPoE clients.
• You have basic connectivity on your router and access via WinBox or CLI.

Step 1: Create an IP Pool for PPPoE Clients

Each client connecting via PPPoE will be assigned an IP address from a predefined pool.

1. In WinBox:
   • Navigate to IP → Pool.
   • Click the “+” button.
   • Name: pppoe_pool
   • Ranges: For example, enter 192.168.100.10-192.168.100.254
   • Click OK.

Why?
This pool defines the range of IP addresses available to PPPoE clients. It’s important that these addresses do not conflict with any other networks in your environment.

CLI Equivalent:

/ip pool add name=pppoe_pool ranges=192.168.100.10-192.168.100.254

Step 2: Create a PPP Profile for PPPoE Clients

A PPP profile determines the settings for a PPPoE session, such as the local gateway address and which IP pool to use for remote clients.

1. In WinBox:
   • Go to PPP → Profiles.
   • Click “+” to add a new profile.
   • Name: PPPoE_Profile
   • Local Address: Set this to the gateway for PPPoE clients, e.g., 192.168.100.1
     • This is the IP that PPPoE clients will use as their gateway.
   • Remote Address: Select your previously created pool (pppoe_pool).
   • You can leave other options (like DNS servers) at default unless you have specific needs.
   • Click OK.

Explanation:
The profile binds the PPPoE session to a specific IP range and defines how clients interact with your router.

CLI Equivalent:

/ppp profile add name=PPPoE_Profile local-address=192.168.100.1 remote-address=pppoe_pool

Step 3: Add PPP Secrets (User Accounts)

Each user connecting via PPPoE needs a unique account with a username and password.

1. In WinBox:
   • Navigate to PPP → Secrets.
   • Click the “+” button to add a new secret.
   • Name: For example, user1
   • Password: Choose a strong password, e.g., StrongPass123
   • Service: Select pppoe
   • Profile: Choose the profile you created (PPPoE_Profile)
   • Click OK.

Why?
This step creates an authentication record for each subscriber. They’ll use these credentials to “dial in” to your network.

CLI Equivalent:

/ppp secret add name=user1 password=StrongPass123 service=pppoe profile=PPPoE_Profile

Step 4: Enable the PPPoE Server

Now, let’s enable the PPPoE server on the interface that will accept subscriber connections.

1. In WinBox:
   • Go to Interfaces → PPPoE Server.
   • Click the “+” button to add a new PPPoE server.
   • Service Name: You can leave it as default or name it (e.g., pppoe1).
   • Interface: Select ether2 (or whichever interface is dedicated to subscribers).
   • Default Profile: Choose PPPoE_Profile
   • One Session Per Host: Enable this to prevent a single MAC address from opening multiple sessions.
   • Max MTU and MRU: Set these to standard values (e.g., 1480)—these control the maximum transmission and reception unit sizes.
   • Leave advanced settings at default unless you have specific requirements.
   • Click OK.

Explanation:
This configures your router to listen for PPPoE connection requests on the specified interface. Clients dialing in will be handled according to the PPP profile and secrets you’ve set up.

CLI Equivalent:

/interface pppoe-server server add service-name=pppoe1 interface=ether2 default-profile=PPPoE_Profile one-session-per-host=yes max-mtu=1480 max-mru=1480 disabled=no

Step 5: Firewall and NAT Considerations

To allow PPPoE clients to access the internet, ensure that NAT (masquerading) is correctly configured on your WAN interface.

1. Check Existing NAT Rule:
   • Go to IP → Firewall → NAT.
   • Ensure there is a rule that masquerades outgoing traffic, typically matching the WAN interface (e.g., ether1 or your PPPoE-out from another link).
2. If Needed, Add a Specific NAT Rule:
   • Create a rule for traffic coming from the PPPoE subnet:
     • Chain: srcnat
     • Src. Address: 192.168.100.0/24 (the subnet for PPPoE clients)
     • Out. Interface: Your WAN interface (e.g., ether1)
     • Action: masquerade
   • Click OK.

CLI Equivalent:

/ip firewall nat add chain=srcnat src-address=192.168.100.0/24 out-interface=ether1 action=masquerade

Step 6: Testing and Troubleshooting

1. Test from a Client Device:
   • Connect a device (via a wired connection, a wireless AP attached to ether2, or a PPPoE client software) and dial in using the credentials (user1 / StrongPass123).
   • Verify that the client receives an IP from the pppoe_pool (e.g., an address like 192.168.100.20).
2. Ping the PPPoE Gateway:
   • From the client, ping the gateway (192.168.100.1) to ensure connectivity.
3. Check Active Connections:
   • In WinBox, go to PPP → Active Connections to see if the session appears.
4. Review Logs:
   • Look at System → Log or use /log print in the CLI for any PPPoE or authentication errors.
5. Common Issues:
   • Authentication Failures: Double-check your PPP secret credentials.
   • IP Pool Exhaustion: Ensure the IP pool has enough addresses for all potential clients.
   • Interface Misconfiguration: Verify that the PPPoE server is bound to the correct interface (e.g., ether2).

Final Thoughts

Setting up a PPPoE server on your MikroTik router might seem complex at first, but breaking it down into clear steps makes the process manageable—even for beginners. By creating an IP pool, defining a PPP profile, adding user accounts, and enabling the PPPoE server on the right interface, you provide a secure and controlled way for multiple users to access your network.

Take your time with each step, verify settings with WinBox or the CLI, and test thoroughly before rolling out to all users. If you run into any questions or issues, feel free to reach out—I'm here to help!

Explained in detail by
Emmanuel Corels – Admin, Emmanuel Corels Creatives